su -

Story: Advocating And Supporting Insecure Practices
Total Replies: 23
golem

Aug 31, 2009
9:36 AM EDT
"This means that you cannot login as root directly or use the su command to become the root user. "

Not true. If you know the root password, you can su to root. In some circumstances that may be the best way to go.
tracyanne

Aug 31, 2009
9:39 AM EDT
If there is no root password, you can't.
gus3

Aug 31, 2009
9:40 AM EDT
How about "sudo bash"? Again, no root password needed.
tuxchick

Aug 31, 2009
9:41 AM EDT
Why try to hide knowledge? This doesn't make sense.
golem

Aug 31, 2009
9:46 AM EDT
tracyanne: As administrative user you can set the root password.
golem

Aug 31, 2009
9:58 AM EDT
tuxchick: Hide knowledge for the sake of security -- hinder any crackers or malware, and reduce chances of inadvertent damage by yourself or other well-meaning users. That's the theory, anyway.
jdixon

Aug 31, 2009
9:59 AM EDT
sudo passwd root.

You can then su to root. Though you can also sudo -i, according to my wife, who's playing with an 8.4 install on her new (used) Dell Optiplex 620.

Now, to get Ubuntu to ask for the root password instead of yours, you have to add rootpw to the default settings in /etc/sudoers. And apparently you still can't start X as root. :(
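
A read-only check for the account states discussed in the posts above (root password locked versus set, and whether sudo is configured with rootpw), as an added example that is not part of the original thread. The function names `root_password_state` and `sudo_password_owner` are hypothetical, and the sample shadow and sudoers content is constructed.

```shell
#!/bin/sh
# Added example: read-only audit helpers. Sample data below is constructed.

# Classify the root entry of a shadow(5)-format file ($1).
# Prints one of: locked | set | empty | missing
root_password_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          print "empty"   # no password needed at all
            else if ($2 ~ /^[!*]/) print "locked"  # no valid hash, su to root fails
            else                   print "set"     # a hash is present, su works
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Report whose password sudo asks for, given a sudoers-format file ($1).
# Prints "root" when an active Defaults line enables rootpw, else "user".
# Simplification: does not follow include directives or Defaults scoping.
sudo_password_owner() {
    if grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]rootpw([[:space:],]|$)' "$1"; then
        echo root
    else
        echo user
    fi
}

# Constructed samples so the script runs without touching the real files.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'root:!:14487:0:99999:7:::\nalice:$6$constructed$hash:14487:0:99999:7:::\n' > "$dir/shadow"
    printf 'Defaults env_reset\n#Defaults rootpw\n%%admin ALL=(ALL) ALL\n' > "$dir/sudoers"
    echo "root password: $(root_password_state "$dir/shadow")"
    echo "sudo asks for: $(sudo_password_owner "$dir/sudoers") password"
    rm -rf "$dir"
}
demo
```

On a real system, point the functions at /etc/shadow and /etc/sudoers (both need root to read).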
azerthoth

Aug 31, 2009
12:40 PM EDT
We have beaten this one to death before; some consider sudo a security hole in and of itself (I subscribe to this theory). Others see having a root password as being a security hole. The arguments for both are legion. This article has done nothing to prove/disprove either side. Well, banning me from #ubuntu ... that might be a blessing in disguise, but the only times I go in there anyway is for comedy relief.
tuxchick

Aug 31, 2009
1:23 PM EDT
Seems to me if sudo were a big security hole there would be some evidence of it by now, what with all those new Ubuntu users and Linux growth in general. The most recent Linux security hole of any size was some consumer broadband routers that shipped in a default wide-open unsafe state.
Bob_Robertson

Aug 31, 2009
1:28 PM EDT
Security is inconvenient.
mrider

Aug 31, 2009
3:13 PM EDT
Personally, I think that Ubuntu uses the whole "using sudo instead of root is more secure" argument as a way to sidestep what they really think. The simple fact is that most Windows users are accustomed to logging in as Administrator "because otherwise nothing works". If Ubuntu included a root account by default, then all the Windows converts would be logging in as root because "it's too difficult to switch users".

Sometimes I enable root, sometimes I don't. It all depends on the machine and its role. The whole "my way is the best way and everyone else is wrong" tone really put me off about that article. Yes, I agree that Ubuntu's way is better for a Windows convertee; that doesn't mean that I think it's "evil" to do anything else...
number6x

Aug 31, 2009
3:27 PM EDT
>sudo su

works well enough for most sessions where you have a lot of rootly things to do if root is not defined, about the same as sudo bash.
jdixon

Aug 31, 2009
4:20 PM EDT
> Seems to me if sudo were a big security hole there would be some evidence of it by now,

Agreed. I agree that in theory it is less secure than a separate root password, but in practice it appears not enough so to make any difference. Of course, the separate root password system has had even more and longer testing, so the same is true for it.

> If Ubuntu included a root account by default, then all the Windows converts would be logging in as root because "it's too difficult to switch users".

That does seem likely, yes. And I hadn't thought of it. Thanks.
tuxchick

Aug 31, 2009
4:51 PM EDT
Quoting: "it's too difficult to switch users".


Oh yes, because it is So Easy In Windows (tm) to switch users! All you do is log completely out of your session, and then log back in as a different user! Which takes only a little less time than rebooting!

**cuss Windows quietly to myself**
Bob_Robertson

Aug 31, 2009
5:12 PM EDT
> If Ubuntu included a root account by default, then all the Windows converts would be logging in as root because...

Because that is what they are used to needing just to get their machine to work.

Weaning is hard for both mother and child, but it must be done.
mrider

Aug 31, 2009
7:19 PM EDT
@Bob_Robertson:

Yes thank you. My point exactly.
gus3

Aug 31, 2009
7:25 PM EDT
Quoting: Security is inconvenient.
But recovering your files, re-installing the OS, putting credit alerts on your name/accounts, etc etc etc, is even more inconvenient.
tracyanne

Aug 31, 2009
7:25 PM EDT
Quoting: tracyanne: As administrative user you can set the root password.


Yes. The point is you don't.

But you can also do it as a non-Administrator if you know what you are doing and have the computer in your hands. That, mind you, applies to pretty much any OS.

azerthoth

Aug 31, 2009
8:55 PM EDT
Quoting: Yes thank you. My point exactly.


That protecting people from their computer and computers from their users is a good thing. This smacks of your computer is smarter than you and you should trust in it barring trusting your OS provider. Why, Mr. Gates, when did you start working on Linux? It seems I have seen this mentality somewhere before.

Education, not imitation.
mrider

Sep 01, 2009
11:57 AM EDT
@azerthoth:

I'm not sure how to take your post. My point wasn't that I think it's a good idea to not have a root account. My point is that I think that's why Ubuntu doesn't have a root account. Because they think it's a bad idea.

Also if you read my previous post, I'm pretty much in disagreement with the idea that we should hide the information about how to enable root. As I said I sometimes enable root, sometimes don't. It just depends on the circumstances. But I'd never advocate trying to hide information from the end user.

And if you think I LIKE Windows, then well you don't know me. I don't make a big point of it, but I utterly loathe everything to do with Windows, and use it at work under protest. I'd jump ship to a place that is primarily a Linux shop in a heartbeat if I could just find one...

[EDIT] Oh, and in case anyone is looking at the site logs and seeing Windows as my user agent: I have manually modified it in Firefox specifically for places that block *nix for no reason other than that they don't see Windows. Which happens surprisingly often.
gus3

Sep 01, 2009
12:38 PM EDT
Quoting: Education, not imitation.
And if that doesn't work, try intimidation.

It seems to work for Microsoft.
mrider

Sep 01, 2009
12:49 PM EDT
Not to get too far off on a tangent about Microsoft, but the thing that irks me about their software is that they automatically assume everyone is a moron, and they do not include any way to get out of "moron-mode".

Many years ago I was setting up a Windows server for a place I worked. It was Windows 2000 Advanced Server (because we needed PAE). I was logging in as the local administrator for the first time, and what comes up? The little arrow pointing to the "start" button saying "Click to start".

Well, no **** Sherlock! I would never have guessed. After all, administrators don't normally know that clicking on "start" - starts.

Steven_Rosenber

Sep 01, 2009
4:11 PM EDT
I don't know if Michael Lucas has this same chapter in his other books, but in his "Absolute OpenBSD" book he has a great chapter on controlling access through sudo and how to make it so a given user only has the privileges he or she needs across not just one but a bunch of boxes.

I hope his newer FreeBSD book has this same material, but it's one of the best things about the OpenBSD book -- something that's useful in any Unix-like operating system.
tracyanne

Sep 01, 2009
4:57 PM EDT
Quoting: And if you think I LIKE Windows, then well you don't know me. I don't make a big point of it, but I utterly loathe everything to do with Windows, and use it at work under protest. I'd jump ship to a place that is primarily a Linux shop in a heartbeat if I could just find one...


Amen.
